Page 1 of 1

Perhaps wrong section but... "On Proprietary Applications"

Posted: Tue Jul 22, 2008 5:20 pm
by mdchesney
I have been developing PHP web applications for some time now but most as part of an employer's project. I know the code, the maintenance, and everything (well, does anyone know everything? I guess I know "enough") that goes into making a functional web application in PHP. Only recently I have begun making web apps on my own and distributing them to clients. My employer simply hosted the php files, thus preventing third-party access while ensuring a lengthy maintenance contract. I on the other hand would simply like to dev-and-drop, so to speak, so I'm looking for a way to do closed-source php distribution. I looked into some encoders (at $200 and upwards!) but there must be an easier way? Or am I forced to resign my intellectual right with the closing of each contract?

Re: Perhaps wrong section but... "On Proprietary Applications"

Posted: Wed Jul 23, 2008 3:56 pm
by alex.barylski
1. Obfuscation: Relatively easy to unscramble and see the source.
2. Encryption: Still possible to decrypt.
3. Encoders: Still possible to decode.
4. Compilation: Virtually impossible to unwind.

I've been looking into RoadSend PHP compiler for sometime. Personally I think hosting the software is the best bet.

Re: Perhaps wrong section but... "On Proprietary Applications"

Posted: Thu Jul 24, 2008 1:12 am
by Mordred
4. --> Nothing is impossible :)

Actually any protection method will do, as long as the cost of deprotecting approaches the cost of redeveloping or buying the software. Boutique vs. massmarket software changes the equation (whether to take in account the redevelopment cost or the market price) and gives a different level of motivation for a pirate (Would he resell a stolen massmarket product? Is he hired to deprotect a one-shot boutique software with no resell value?) and therefore a different deprotection cost.

So sometimes custom-made obfuscation will work well enough.

Re: Perhaps wrong section but... "On Proprietary Applications"

Posted: Fri Jul 25, 2008 12:47 pm
by alex.barylski
Mordred wrote:4. --> Nothing is impossible :)

Actually any protection method will do, as long as the cost of deprotecting approaches the cost of redeveloping or buying the software. Boutique vs. massmarket software changes the equation (whether to take in account the redevelopment cost or the market price) and gives a different level of motivation for a pirate (Would he resell a stolen massmarket product? Is he hired to deprotect a one-shot boutique software with no resell value?) and therefore a different deprotection cost.

So sometimes custom-made obfuscation will work well enough.
I did say "virtually" impossible. Regardless of how knowledeable anyone is in assembler I give my 100% guarantee you or anyone else could *not* return my source back to it's original form. In fact I'll offer a 20,000 reward to anyone who can. Of my own money. :)

The architecture, design and cleanliness of my code (which is what I'm protecting -- not the implementation) would be impossible to return to how I have it now.

So I would say "The above methods are not the same".

Compilation will make it impossible to steal my source whereas obfuscation, encryption and encoding generally don't protect the design or architecture just the implementation -- which is the easy part anyways.

Anyone can craft an application to update the body of it's web site using AJAX but how graceful one accomplishes that task varies tremdously.